This repository was archived by the owner on Feb 11, 2026. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 5
130 lines (114 loc) · 3.78 KB
/
test.yml
File metadata and controls
130 lines (114 loc) · 3.78 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
# SPDX-License-Identifier: Apache-2.0
# yamllint disable rule:line-length
name: Test
on:
workflow_dispatch:
push:
branches:
- "main"
- "release-**"
paths:
- '**.py'
- 'requirements**.txt'
- 'tox.ini'
- 'actions/**.sh'
- '.github/workflows/test.yml' # This workflow
pull_request:
branches:
- "main"
- "release-**"
paths:
- '**.py'
- 'requirements**.txt'
- 'tox.ini'
- 'actions/**.sh'
- '.github/workflows/test.yml' # This workflow
env:
LC_ALL: en_US.UTF-8
defaults:
run:
shell: bash
permissions:
contents: read
jobs:
test-workflow-ready:
permissions:
checks: read
uses: ./.github/workflows/status-checks.yml
with:
# The unit and functional tests will not start until the following job IDs have succeeded
job_ids: >- # Space-separated job ids to wait on for status checks
DCO
shellcheck
lint-workflow-complete
test:
# Start name with 'test:' for test-workflow-complete job_ids
name: "test: ${{ matrix.python }} on ${{ matrix.platform }}"
needs: ["test-workflow-ready"]
runs-on: "${{ matrix.platform }}"
strategy:
fail-fast: false
matrix:
python:
- "3.10"
- "3.11"
platform:
- "ubuntu-latest"
include:
- python: "3.11"
platform: "macos-latest"
steps:
- name: "Harden Runner"
uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0
with:
egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
# https://github.com/actions/checkout/issues/249
fetch-depth: 0
# Always apt-get update before installing any extra packages
# https://docs.github.com/en/actions/using-github-hosted-runners/using-github-hosted-runners/customizing-github-hosted-runners#installing-software-on-ubuntu-runners
- name: Update apt index
if: startsWith(matrix.platform, 'ubuntu')
run: |
sudo apt-get update
- name: Install tools on MacOS
if: startsWith(matrix.platform, 'macos')
run: |
brew install expect coreutils bash skopeo
- name: Setup Python ${{ matrix.python }}
uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0
with:
python-version: ${{ matrix.python }}
## TODO: Uncomment once this change merges into `main`. We can't use caching until it's merged.
# cache: pip
# cache-dependency-path: |
# **/requirements*.txt
- name: Install dependencies
run: |
python -m pip install --upgrade pip
python -m pip install tox tox-gh>=1.2
- name: Run Python unit tests for each GH action
run: |
tox -e detect-exposed-workflow-secrets
- name: Run Bash "unit" tests with tox on MacOS
if: startsWith(matrix.platform, 'macos')
run: |
tox -e launch-ec2-runner-with-fallback
# Default shell on Ubuntu is 'dash', so we need to override the default shell
- name: Run Bash "unit" tests with tox on Linux
if: startsWith(matrix.platform, 'ubuntu')
run: |
# Forcefully overwrite the symlink from `/bin/sh -> /bin/dash` to: `/bin/sh -> /bin/bash`.
sudo ln -sf /bin/bash /bin/sh
tox -e launch-ec2-runner-with-fallback
shell: bash
test-workflow-complete:
permissions:
checks: read
uses: ./.github/workflows/status-checks.yml
with:
job_ids: >- # Space-separated job ids to wait on for status checks
test-workflow-ready
test: